1. Summary

    Multiple vulnerabilities have been identified that affect session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II (WPA2) protocols. The known vulnerabilities mainly affect WPA2 client devices, but some vulnerabilities may affect wireless infrastructure components such as Access Points.

  2. Target Products

    Wireless products (including Partner Products)

    1. Affected

      MWS AP Series (From version 2.0.0)

    2. AT-MWS600AP
      AT-MWS900AP
      AT-MWS1750AP
      AT-MWS2533AP

    3. Not Affected

      TQ Series (all versions)
      AT-TQ2403
      AT-TQ2403EX
      AT-TQ2450
      AT-TQ3200
      AT-TQ3400
      AT-TQ3600
      AT-TQ4400
      AT-TQ4400e
      AT-TQ4600

    4. UWC Series
      AT-UWC
      AT-UWC-APL

      Extricom products

  3. Impact

    Wireless products connected with the WPA and WPA2 protocols face the possibility of being attacked. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, and so on. These attacks will cause information leakage.

  4. Workarounds

    You can avoid this vulnerability with the following workarounds:

    MWS AP Series
    4.1 Disabling Fast Roaming
    4.2 Firmware upgrade - release date to be announced.

Forward-Looking Statements

Matters discussed here may constitute forward-looking statements. The Private Securities Litigation Reform Act of 1995 provides safe harbor protections for forward-looking statements in order to encourage companies to provide prospective information about their business. Forward-looking statements include statements concerning plans, objectives, goals, strategies, future events or performance, and underlying assumptions and other statements, which are other than statements of historical facts. The Company desires to take advantage of the safe harbor provisions of the Private Securities Litigation Reform Act of 1995 and is including this cautionary statement in connection with this safe harbor legislation. The words “believe,” “anticipate,” “intends,” “estimate,” “forecast,” “project,” “plan,” “potential,” “may,” “should,” “expect,” “pending” and similar expressions identify forward-looking statements. The forward-looking statements in this press release are based upon various assumptions, many of which are based, in turn, upon further assumptions, including without limitation, our management's examination of historical operating trends, data contained in our records and other data available from third parties. Although we believe that these assumptions were reasonable when made, because these assumptions are inherently subject to significant uncertainties and contingencies which are difficult or impossible to predict and are beyond our control, we cannot assure you that we will achieve or accomplish these expectations, beliefs or projections.

Warranty and Limitation of Liability

THE INFORMATION AND/OR MATERIALS CONTAINED HEREIN ARE PROVIDED "AS IS," WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

Allied Telesis, Inc. shall not be liable for direct, indirect, special, incidental, or consequential damages related to your decision to use any of the information and/or materials listed and/or posted in this press release, even if Allied Telesis, Inc. is advised of the possibility of such damage.

Trademarks Statement

Other companies and products mentioned herein may be trademarks or registered trademarks of their respective trademark owners.